Ch 6
Users usually notice a failure of the domain naming master immediately-true or false? True False
False
Where would you find files related to logon and logoff scripts in an Active Directory environment? a. %systemroot%\SYSVOL b. C:\Windows\edb.log c. C:\Windows\NTDS d. %Windir%\ntds.dit
a. %systemroot%\SYSVOL
You maintain an RODC running Windows Server 2012 R2 at a branch office, and you want Juanita, who has solid computer knowledge, to perform administrative tasks, such as driver and software updates and device management. How can you do this without giving her broader domain rights? a. Assign Juanita's account as a delegated administrator in the RODC's computer account settings. b. Create a local user on the RODC for Juanita and add it to the Administrators group. Have Juanita log on with this account when necessary. c. Send Juanita for extensive Windows Server 2012 R2 training and then add her to the Domain Admins group. d. Create a script that adds Juanita to the Domain Admins group each day at a certain time, and then removes her from the group 1 hour later. Tell Juanita to log on and perform the necessary tasks during the specified period.
a. Assign Juanita's account as a delegated administrator in the RODC's computer account settings.
You need to install an RODC in a new branch office and want to use an existing workgroup server running Windows Server 2012 R2. The office is a plane flight away and is connected via a WAN. You want an employee at the branch office, Michael, to do the RODC installation because he's good at working with computers and following directions. What should you do? a. Create the computer account for the RODC in the Domain Controllers OU and specify Michael's account as one that can join the computer to the domain. b. Add Michael to the Domain Admins group, and give him directions on how to install the RODC. c. Create a group policy specifying that Michael's account can join RODCs to the domain and then use the Delegation of Control Wizard on the Domain Controllers OU. d. Add Michael's domain account to the Administrators group on the server, and give him directions on how to install the RODC.
a. Create the computer account for the RODC in the Domain Controllers OU and specify Michael's account as one that can join the computer to the domain.
You have four DCs in your domain. Active Directory appears to be corrupted on one of the DCs, and you suspect a failing hard drive. You attempt to remove it from the domain, but the procedure fails. You take the DC offline permanently and will replace it with another DC of the same name. What must you do before you can replace the DC? a. Perform metadata cleanup. b. Restore the system state. c. Back up SYSVOL. d. Transfer the FSMO roles.
a. Perform metadata cleanup.
What is the name of a domain controller on which changes can't be written? a. Read only domain controller b. Access only domain controller c. No write domain controller d. Secured domain controller
a. Read only domain controller
Which of the following is the period between an object being deleted and being removed from the Active Directory database? a. Tombstone lifetime b. Object expiration c. Restoration period d. Defragmentation limit
a. Tombstone lifetime
You're taking an older server performing the RID master role out of service and will be replacing it with a new server configured as a domain controller. What should you do to ensure the smoothest transition? a. Transfer the RID master role to the new domain controller, and then shut down the old server. b. Shut down the current RID master and seize the RID master role from the new domain controller. c. Shut down the current RID master, and then transfer the RID master role to the new domain controller. d. Back up the domain controller that's currently the RID master, restore it to the new domain controller, and then shut down the old RID master.
a. Transfer the RID master role to the new domain controller, and then shut down the old server.
Which command must you use to restore deleted Active Directory objects in a domain with two or more writeable DCs if the Active Directory Recycle Bin isn't enabled? a. ntdsutil with the authoritative restore command b. wbadmin with the -authsysvol option c. ntdsutil with the create snapshot command d. wbadmin with the -restoreobject option
a. ntdsutil with the authoritative restore command
Which of the following is the term for a DC in a site that handles replication of a directory partition for that site? a. Knowledge Consistency Checker b. Bridgehead server c. Inter-Site Topology Generator d. Global catalog server
b. Bridgehead server
Which server role below cannot be installed on a domain controller that will be cloned? a. DNS b. DHCP c. RADIUS d. WSUS
b. DHCP
What's the term for removing deleted objects in Active Directory? a. Offline defragmentation b. Garbage collection c. Tombstoning d. Recycling objects
b. Garbage collection
What DC is responsible for ensuring that changes made to object names in one domain are updated in reference to the objects in other domains? a. RID Master b. Infrastructure master c. schema master d. PDC emulator
b. Infrastructure master
By default, replication between DCs when no changes have occurred is scheduled to happen how often? a. Never b. Once per hour c. Once per day d. Once per week
b. Once per hour
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data? a. System b. SYSVOL c. Root d. NTDS
b. SYSVOL
Which option below is not one of the three main methods for cleaning up metadata? a. Active Directory Users and Computers b. wbsadmin.exe c. Active Directory Sites and Services d. ntdsutil.exe
b. wbsadmin.exe
How often does garbage collection run on a DC? a. 2 hours b. 6 hours c. 12 hours d. 18 hours
c. 12 hours
You have an application integrated with AD DS that maintains Active Directory objects containing credential information, and there are serious security implications if these objects are compromised. An RODC at one branch office isn't physically secure, and theft is a risk. How can you best protect this application's sensitive data? a. Use EFS to encrypt the files storing the sensitive objects. b. Configure the PRP for the RODC and specify a Deny setting for the application object. c. Configure a filtered attribute set and specify the application-related objects. d. Turn off all password replication on the RODC.
c. Configure a filtered attribute set and specify the application-related objects.
You have four users who travel to four branch offices often and need to log on to the RODCs at these offices. The branch offices are connected to the main office with slow WAN links. You don't want domain controllers at the main office to authenticate these four users when they log on at the branch offices. What should you do that requires the least administrative effort yet adheres to best practices? a. Add each user to the PRP on each RODC with an Allow setting. b. Add the four users to a local group on each RODC and add the local groups to the PRP on each RODC with an Allow setting. c. Create a new global group named AllBranches, add the four users to this group, and add the AllBranches group to the Allowed RODC Password Replication group. d. Create a group policy and set the "Allow credential caching on RODCs" policy to Enabled, add the four users to the policy, and link the policy to the Domain Controllers OU.
c. Create a new global group named AllBranches, add the four users to this group, and add the AllBranches group to the Allowed RODC Password Replication group.
Your company has had a major reorganization, and you need to transfer several hundred user accounts to another domain. Which of the following can help with this task? a. In Active Directory Users and Computers, select each account and export it. b. Create a system state backup and restore ntds.dit to the new domain. c. Create a snapshot and export the accounts with ldifde. d. Use the Export-ADUser PowerShell cmdlet.
c. Create a snapshot and export the accounts with ldifde.
Your Active Directory database has been operating for several years and undergone many object creations and deletions. You want to make sure it's running at peak efficiency, so you want to defragment and compact the database. What procedure should you use that will be least disruptive to your network? a. Create a temporary folder to hold a copy of the database. Restart the server in DSRM. Run ntdsutil and compact the database in the temporary folder. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database and restart the server normally. b. Create a temporary folder and a backup folder. Stop the Active Directory service. Run ntdsutil and compact the database in the temporary folder. Copy the original database to the backup folder, and delete the ntds log files. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database and restart the server. c. Create a temporary folder and a backup folder. Stop the Active Directory service. Run ntdsutil and compact the database in the temporary folder. Copy the original database to the backup folder, and delete the ntds log files. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database and restart the Active Directory service. d. Create a temporary folder and a backup folder. Restart the server in DSRM. Run ntdsutil and compact the database in the temporary folder. Copy the original database to the backup folder, and delete the ntds log files. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database and restart the Active Directory service.
c. Create a temporary folder and a backup folder. Stop the Active Directory service. Run ntdsutil and compact the database in the temporary folder. Copy the original database to the backup folder, and delete the ntds log files. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database and restart the Active Directory service.
You want to decrease users' logon time at SiteA but not increase replication traffic drastically. You have 50 users at this site with one domain controller. Overall, your network contains 3000 user and computer accounts. What solution can decrease logon times with the least impact on replication traffic? a. Configure the domain controller as a global catalog server. b. Configure multiple connection objects between the domain controller in SiteA and a remote global catalog server c. Enable universal group membership caching. d. Configure the domain controller as a domain naming master.
c. Enable universal group membership caching.
Which of the following configurations should you avoid? a. Domain naming master and schema master on the same domain controller b. PDC emulator and RID master on the same computer c. Infrastructure master configured as a global catalog server d. Schema master configured as a global catalog server
c. Infrastructure master configured as a global catalog server
User authentications are taking a long time. The domain controller performing which FSMO role will most likely decrease authentication times if it's upgraded? a. Infrastructure master b. Domain naming master c. PDC emulator d. RID master
c. PDC emulator
You have an Active Directory forest of two trees and eight domains. You haven't changed any of the operations master domain controllers. On which domain controller is the schema master? a. All domain controllers b. The last domain controller installed c. The first domain controller in the forest root domain d. The first domain controller in each tree
c. The first domain controller in the forest root domain
Which of the following is true about an RODC installation? a. A Windows server running at least Windows Server 2012 is required. b. Adprep /rodcprep must be run in Windows Server 2008 forests. c. The forest functional level must be at least Windows Server 2003. d. Another RODC must be available as a replication partner.
c. The forest functional level must be at least Windows Server 2003.
During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed? a. Object expiry date b. Purge lifetime c. Tombstone lifetime d. Remove by date
c. Tombstone lifetime
What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database? a. flexible single master b. single master c. multimaster d. domain-wide
c. multimaster
Within the NTDS folder, which file stores the main Active Directory database? a. ed.dit b. edb.chk c. ntds.dit d. edbres00001.jrs
c. ntds.dit
Users of a new network subnet have been complaining that logons and other services are taking much longer than they did before being moved to the new subnet. You discover that many logons and requests for DFS resources from clients in the new subnet are being handled by domain controllers in a remote site instead of local domain controllers. What should you do to solve this problem? a. Compact the Active Directory database because fragmentation must be causing latency b. Create a new site and add the clients and new GC server to the new site c. Change the IP addresses of the clients to correspond to the network of the DCs that are handling the logons d. Create a new subnet and add the subnet to the site that maps to the physical location of the clients
d. Create a new subnet and add the subnet to the site that maps to the physical location of the clients
Which of the following is not a function of the global catalog? a. Facilitating forest-wide searches b. Facilitating forest-wide logons c. Keeping universal group memberships d. Facilitating intersite replication
d. Facilitating intersite replication
You have installed an RODC at a branch office that also runs the DNS Server role. All DNS zones are Active Directory integrated. What happens when a client computer attempts to register its name with the DNS service on the RODC? a. The DNS service rejects the registration. The client must be configured with a static DNS entry. b. The DNS service creates a temporary record in a dynamically configured primary zone. The record is replicated to other DNS servers and then deleted on the RODC. c. The DNS service passes the request to another DNS server. After registration is completed, the DNS server that performed the registration sends the record to the DNS service on the RODC. d. The DNS service sends a referral to the client. The client registers its name with the referred DNS server.
d. The DNS service sends a referral to the client. The client registers its name with the referred DNS server.
What assigned value represents the bandwidth of the connection between sites? a. metric b. site c. log d. cost
d. cost
What holds the log of Active Directory transactions of changes? a. aed.dit b. edb.chk c. ntds.log d. edb.log
d. edb.log
Which of the following commands backs up the Registry, boot files, the Active Directory database, and the SYSVOL folder to the B drive? a. backup %systemroot% -selectsystemstate > B: b. ntdsutil create snapshot -source C:\Windows\ntds -dest B: c. robocopy C:\Windows /r /destination:B: d. wbadmin start systemstatebackup -backuptarget:B:
d. wbadmin start systemstatebackup -backuptarget:B: